Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The Eyes (and Privacy Laws) of Texas Are Upon You
Consistent with the cliché that “everything's bigger in Texas,” the Texas legislature has introduced not one, but two separate bills relating to the privacy of personal information. Although still in their nascent stages, both bills — the Texas Privacy Protection Act (TPPA) (H.B. 4390) and The Texas Consumer Privacy Act (TCPA) (H.B. 4518) —follow California's lead in creating enhanced and stringent privacy protections for individual consumers.
The TCPA models the California Consumer Privacy Act (CCPA) pretty closely, while the TPPA focuses on collecting online data and requires businesses to maintain a comprehensive data security program. Since Cybersecurity Law & Strategy has covered the CCPA in previous issues, this article focuses on the TPPA.
The TPPA is arguably the less onerous of the two bills, although you might not necessarily realize it at first blush, given the broad way it defines “personal identifying information” (PII). In addition to the traditional categories of information protected by privacy statutes (social security number, driver's license numbers, credit card or financial account information, etc.), PII includes biometric information (fingerprint, voice print, retina or iris image, or any other unique physical representation), religious affiliation or practice information, racial or ethnic origin information, unique genetic information, physical or mental health information, precise geolocation data and the private communications or other user-created content of an individual that is not publicly available. This alone will considerably expand the scope of entities that will likely have to comply with the law.
Compliance
In terms of who must comply with the law, the TPPA would only apply to for profit businesses that: 1) do business in Texas; 2) have more than 50 employees (but the employees do not have to reside or work in Texas); 3) collects the personal identifying information of more than 5,000 individuals, households, or devices or has that information collected on the business's behalf; and 4) either: A) has annual gross revenue in an amount that exceeds $25 million; or B) derives 50% or more of the business's annual revenue by processing personal identifying information. Note that requirement 3) above refers to “individuals, households, or devices,” not to “Texas residents.” This means that if an Internet business has only a handful of customers in Texas, but numerous customers elsewhere, it could still theoretically be subject to the requirements of this law.
Collecting PII
Most categories of PII are covered under the TPPA, but there are exemptions for publicly available information, information covered under certain federal or Texas statutes (HIPAA, the Texas Medical Records Privacy Act, GLBA, the Fair Credit Reporting Act and FERPA), information collected solely to facilitate the transmission/routing of PII between or among businesses, and PII transmitted to and from the individual to whom the PII relates if the collector of the information does not access, review or modify the content of the information, or otherwise perform or conduct any analytical, algorithmic, or machine learning processes on the information.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.